0b7da6388091ff9d696a18c95d41b587

Sharing

Copy URL Twitter E-mail

General

Target

0b7da6388091ff9d696a18c95d41b587
Size

2.0MB
MD5

0b7da6388091ff9d696a18c95d41b587
SHA1

6c10d7d88606ac1afd30b4e61bf232329a276cdc
SHA256

6eedf45cb91f6762de4e35e36bcb03e5ad60ce9ac5a08caeb7eda035cd74762b
SHA512

45b26e8f9885dca6f4e1984fc39cb4c2a5b5988c970f35dde987b7a5a8417acbe5e972a6602071e903425f91a9095c7c289e574c3bad3039324185ad85d06a9a
SSDEEP

49152:aq2pP74082ly/38k2qOIQ1mMhRNaYF+bLVKqPGRp6WA:A3SzMhvF+bg1RpRA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b7da6388091ff9d696a18c95d41b587

Files

0b7da6388091ff9d696a18c95d41b587
.dll windows:6 windows x64 arch:x64

5ef8f01c658f59bd6fe659f827776382

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
VerSetConditionMask
SleepEx
TlsGetValue
GetSystemTimeAsFileTime
TlsFree
CreateIoCompletionPort
GetCurrentProcess
Thread32Next
Thread32First
GetModuleHandleA
OpenProcess
LoadLibraryA
VirtualProtectEx
GetProcAddress
OpenThread
GetStdHandle
GetFileType
WriteFile
GetModuleHandleW
MultiByteToWideChar
SwitchToFiber
DeleteFiber
CreateFiber
WideCharToMultiByte
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GlobalMemoryStatus
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
GetSystemTime
SystemTimeToFileTime
ReadFile
CreateFileW
lstrcmpA
CreateWaitableTimerA
VirtualAlloc
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
VirtualQuery
lstrcpyA
GetFullPathNameW
GetCurrentDirectoryW
QueueUserAPC
TlsAlloc
TerminateThread
SetEvent
GetLastError
GetModuleHandleExA
CreateEventW
PostQueuedCompletionStatus
ExitThread
lstrcatA
GetQueuedCompletionStatus
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
EnterCriticalSection
SetLastError
VerifyVersionInfoA
TlsSetValue
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
FindFirstFileW
SetEndOfFile
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExA
FindClose
GetStringTypeW
SetStdHandle
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
LCMapStringW
CompareStringW
GetACP
SetWaitableTimer
GetModuleFileNameA
CloseHandle
CreateToolhelp32Snapshot
WaitForSingleObject
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
FormatMessageA
LocalFree
InterlockedFlushSList
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
FreeLibrary
LoadLibraryExW
CreateThread

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

advapi32

CryptCreateHash
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
LookupPrivilegeValueA
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam

shell32

SHGetSpecialFolderPathA

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

ws2_32

WSASetLastError
WSASocketW
getaddrinfo
connect
WSARecv
getsockopt
select
ioctlsocket
setsockopt
WSAGetLastError
recv
send
WSASend
closesocket
freeaddrinfo
WSACleanup
WSAStartup

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertOpenStore
CertGetCertificateContextProperty

shlwapi

StrChrA
StrToIntA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 585KB - Virtual size: 585KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ef8f01c658f59bd6fe659f827776382

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

crypt32

shlwapi

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 585KB - Virtual size: 585KB

.data Size: 121KB - Virtual size: 144KB

.pdata Size: 77KB - Virtual size: 77KB

.gfids Size: 512B - Virtual size: 300B

.tls Size: 512B - Virtual size: 9B

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 585KB - Virtual size: 585KB

.data
Size: 121KB - Virtual size: 144KB

.pdata
Size: 77KB - Virtual size: 77KB

.gfids
Size: 512B - Virtual size: 300B

.tls
Size: 512B - Virtual size: 9B

.reloc
Size: 22KB - Virtual size: 22KB